This is a Proof of Concept for the WooCommerce 3.3-5.5 Blind Time based SQL Injection written quickly in python3.
In my case it was Unauthenticated but if yours require authentication, make sure to add the cookies in the script and it should still work. When adding the URL as an argument, you will see the response time. Default script has a sleep of 5 seconds. Feel free to adjust as needed.
For the inspiration, special thanks go to @zeroauth who wrote the sqlmap tamper script below.